33 Cards in this Set


user authentication

The process of verifying an identity claimed by or for a system entity

Authentication Process (2)

Identification step - presenting an identifier to the security system (the identifier is assigned when the user is registered)

Verification (authentication) step - presenting or generating authentication information that corroborates the binding between the entity and the identifier

Means of authenticating users (4)

- Something you know (password, PIN)
- Something you have (token, smart card)
- Something you are (static biometrics: fingerprint, retina, face)
- Something you do (dynamic biometrics: voice pattern, handwriting, typing rhythm)

Risk Assessment (3)

Assurance Level
Potential impact
Areas of risk

Assurance Level

Describes an organization's degree of certainty that a user has presented a credential that refers to his or her identity

Potential Impact

The harm an authentication error could be expected to cause, graded low (limited adverse effect), moderate (serious adverse effect) or high (severe or catastrophic adverse effect)

Biometric authentication

Authenticate an individual based on unique characteristics. Requires special hardware.

Requirements for Biometric Identification (4)

Universality - Most people should have the characteristic

Distinctiveness - Noticeable differences among people

Permanence - The characteristic should not change significantly over time

Collectability - The characteristic should have the ability to be effectively determined and quantified

Biometric categories

Physiological - iris recognition, face recognition, hand geometry

Behavioral - walking gait, signature, typing pattern

Signature

Behavioral biometric: the shape, speed, stroke order, pen pressure and timing of the signature

Fails if the user cannot reproduce the signature consistently

Barcodes: Vulnerabilities

Easy to duplicate
Easy to read
Not easy to update
Can be forged

QR codes: Vulnerabilities

The encoded data is usually a URL; it may point to a malicious site or carry an injected payload that the scanning application passes on without the user ever seeing it
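
A scanning application should treat a decoded QR payload as untrusted input. The check below is an added example (not part of the flashcards): it rejects non-https schemes such as `javascript:`, control characters, and the `user@host` trick that makes a URL look like it points at a trusted host. The allowlisted hosts and the sample payloads are constructed for the demonstration.

```python
"""Validating a URL decoded from a QR code before the application follows it.
Added example, not from the flashcards; the allowlist and payloads are constructed."""
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"https"}                         # assumed policy: no http, javascript, data, ...
ALLOWED_HOSTS = {"example.com", "www.example.com"}  # assumed allowlist for this application
MAX_LENGTH = 2048


def check_qr_url(payload):
    """Return (accepted, detail). detail is the URL when accepted, else the reason."""
    if not isinstance(payload, str) or not payload:
        return False, "empty payload"
    if len(payload) > MAX_LENGTH:
        return False, "payload too long"
    # Control characters (newlines, tabs, NUL) are a classic way to smuggle a second
    # line or header into whatever consumes the URL next.
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in payload):
        return False, "control characters in payload"
    try:
        parts = urlsplit(payload)
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme not allowed: {parts.scheme or '(none)'}"
    # https://www.example.com@evil.test/ parses with hostname evil.test; never
    # accept userinfo, it exists only to fool a human reading the QR contents.
    if parts.username is not None or parts.password is not None:
        return False, "userinfo in authority (host spoofing trick)"
    host = (parts.hostname or "").lower()
    if host not in ALLOWED_HOSTS:
        return False, f"host not allowed: {host or '(none)'}"
    return True, payload


# Constructed payloads as a scanner might decode them.
SAMPLE_PAYLOADS = [
    "https://www.example.com/pay?id=42",
    "javascript:alert(1)",
    "http://example.com/",
    "https://www.example.com@evil.test/",
    "https://evil.test/www.example.com/pay",
    "https://example.com/a\nHost: evil.test",
]

if __name__ == "__main__":
    for p in SAMPLE_PAYLOADS:
        print(check_qr_url(p))
```

Only the first sample is forwarded; every other payload is refused with a reason the application can log.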

Chip & PIN: Vulnerabilities

Can be bypassed: practical attacks target weaknesses in the implementation (card, terminal or protocol) rather than the underlying cryptography

Password Vulnerabilities

Weak passwords


Password information leaked from network communication


Password information leaked from stored password file

Entropy

Measures how uncertain the outcome of a guess is; equals the least number of yes/no questions needed to identify one object in the set (log2 N bits for N equally likely objects)

Online Password Attacks Countermeasures

Account lockout after a small number of failed attempts (e.g., 3)


Slowed or rate-limited responses to failed attempts


Detect automated clients (bots)

advantages of salting

An attacker must compute the hashes of all dictionary words once for each salt value rather than once for the whole password file, and two users with the same password get different stored hashes

Phishing countermeasures

Detection - server filtering, client detection

One time password

Keylogger countermeasures

Randomize keypads / virtual keyboard

What info security do we need from a computer system

confidentiality - our data not seen by others


integrity - our data remains unchanged


availability - access it when we want

Categories of vulnerabilities

Corrupted (integrity)


Leaky (confidentiality)


Unavailable (availability)

Threats

Capable of exploiting vulnerabilities


potential security harm

Attacks

Passive - attempt to learn or make use of information but does not affect system resources



Active - attempt to alter system resources or affect their operation



Insider - an entity inside the security perimeter


What are Rainbow Tables

Precomputed tables (a time-memory trade-off built from hash chains) that let an attacker look up the plaintext for a given hash, in effect inverting the one-way function for every input from a chosen character set up to a length limit; defeated by salting, because each salt would need its own table
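
The following added example (not from the flashcards) serves both the card on salting and the card on rainbow tables. A plain hash-to-plaintext dictionary stands in for the chained table a real rainbow table uses; the argument about salts is the same either way. The wordlist is constructed.

```python
"""Why salting defeats precomputed hash tables. Added example with a constructed
wordlist; a hash->plaintext dictionary stands in for a real rainbow table's chains."""
import hashlib

WORDLIST = ["password", "123456", "qwerty", "letmein", "dragon", "monkey"]  # constructed


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def build_table(words):
    """Done once, offline: hash every candidate and index by hash (the rainbow-table idea)."""
    return {sha256_hex(w.encode()): w for w in words}


def store_unsalted(password):
    """Stored record with no salt: the same password always yields the same digest."""
    return sha256_hex(password.encode())


def store_salted(password, salt):
    """Stored record 'salthex$digest'. The salt is not secret; it sits next to the hash."""
    return salt.hex() + "$" + sha256_hex(salt + password.encode())


def crack_unsalted(table, digest):
    """One dictionary lookup and no hashing at attack time."""
    return table.get(digest)


def crack_salted(words, record):
    """The precomputed table is useless; every word must be re-hashed with this
    record's salt. Returns (plaintext_or_None, hashes_computed)."""
    salt_hex, digest = record.split("$")
    salt = bytes.fromhex(salt_hex)
    for work, w in enumerate(words, 1):
        if sha256_hex(salt + w.encode()) == digest:
            return w, work
    return None, len(words)


def attack_cost(words, n_users):
    """Hash computations needed to run the dictionary against n users:
    unsalted -> build the table once; salted -> one full pass per distinct salt."""
    return {"unsalted": len(words), "salted": len(words) * n_users}


if __name__ == "__main__":
    table = build_table(WORDLIST)
    print("unsalted:", crack_unsalted(table, store_unsalted("dragon")))
    rec = store_salted("dragon", bytes(16))
    print("salted, table lookup:", crack_unsalted(table, rec.split("$")[1]))
    print("salted, brute force:", crack_salted(WORDLIST, rec))
    print(attack_cost(WORDLIST, 1000))
```

Against 1000 salted accounts the attacker does 1000 times the hashing of the unsalted case, and the table built in advance never produces a hit.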

Rainbow table cracking tools (3)

rtgen - generates rainbow tables for a given hash algorithm, character set and plaintext length range


rtsort - sorts the generated tables so lookups are fast


rcrack - looks up hashes in the sorted tables



The suite also ships a text file, charset.txt, listing the character sets available for generating tables

Assets of an organization

Hardware - computer system, data storage, data communication devices


Software - operating system, application program



Data - file, database, password file



Communication and network - Local communication, global communication, router

Vulnerability

A weakness in a system's design, implementation or operation that could be exploited to violate the system's security policy and so increases risk

What is cryptography

designing transformations and protocols for tasks that need security

SSL/TLS Cryptography

Public-key encryption


Symmetric-key encryption


Signature-based authentication


Hash functions (HMACs) for integrity


Symmetric key encryption

Both parties share one secret key and use it for both encryption and decryption

Public key encryption

Anyone can encrypt a message with the recipient's public key; only the holder of the matching private key can decrypt it

Digital Signature

Created with the signer's private key and checked with the public key; proves the message came from the holder of that private key and was not modified

Certificates

Bind a public key to an identity, signed by a trusted certificate authority, so the other party can prove who you are communicating with
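
The last five cards (SSL/TLS cryptography, symmetric key, public key, digital signature, certificates) fit together in one exchange. The added example below (not code from the flashcards) walks through that exchange end to end with the standard library only: a certificate authority signs the server's public key, the client checks the certificate, wraps a fresh session key with public-key encryption, and protects the record with a shared-key cipher and an HMAC. Textbook RSA over small Mersenne primes and a SHA-256 keystream are used purely so the demonstration runs offline; they are toys, not a secure construction (no padding, tiny modulus, no replay protection).

```python
"""Toy walk-through of the TLS building blocks on the cards: shared-key cipher,
public-key encryption, digital signatures and a certificate binding a name to a key.
Added example. Textbook RSA with small Mersenne primes and a SHA-256 keystream:
illustration only, NOT a secure implementation."""
import hashlib
import hmac
import os

P, Q = 2**61 - 1, 2**31 - 1   # small primes for the demo; real keys use ~1024-bit primes
E = 65537


def rsa_keygen(p=P, q=Q, e=E):
    """Return (public, private) as ((n, e), (n, d)) with d = e^-1 mod (p-1)(q-1)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))


def rsa_encrypt(pub, message):
    """Anyone holding the public key can encrypt; the message must be < n as an integer."""
    n, e = pub
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this modulus")
    return pow(m, e, n)


def rsa_decrypt(priv, ciphertext, length):
    """Only the private-key holder can decrypt."""
    n, d = priv
    return pow(ciphertext, d, n).to_bytes(length, "big")


def digest_int(message):
    """Hash the message and truncate to 64 bits so it fits under the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest()[:8], "big")


def sign(priv, message):
    """Signature = hash^d mod n, made with the private key."""
    n, d = priv
    return pow(digest_int(message), d, n)


def verify(pub, message, signature):
    """Anyone checks with the public key: recover the hash and compare."""
    n, e = pub
    return pow(signature, e, n) == digest_int(message)


def sym_crypt(key, data):
    """Toy stream cipher: XOR with SHA-256(key || block counter). One shared key;
    the same call both encrypts and decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        keystream = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[i:i + 32], keystream))
    return bytes(out)


def cert_bytes(cert):
    return f"{cert['subject']}|{cert['pub'][0]}|{cert['pub'][1]}".encode()


def issue_cert(ca_priv, subject, subject_pub):
    """A certificate is the CA's signature over (subject name, subject public key)."""
    cert = {"subject": subject, "pub": subject_pub}
    return cert, sign(ca_priv, cert_bytes(cert))


def verify_cert(ca_pub, cert, signature):
    return verify(ca_pub, cert_bytes(cert), signature)


def exchange(ca_pub, server_cert, server_sig, server_priv, message):
    """Client: check the certificate, pick a session key, encrypt it to the server's
    public key, protect the record with the shared key plus an HMAC.
    Server: unwrap the key, check the HMAC, decrypt. Returns what the server read."""
    if not verify_cert(ca_pub, server_cert, server_sig):
        raise ValueError("untrusted certificate")
    session_key = os.urandom(11)                    # 88 bits, fits under the ~92-bit modulus
    wrapped_key = rsa_encrypt(server_cert["pub"], session_key)
    ciphertext = sym_crypt(session_key, message)
    tag = hmac.new(session_key, ciphertext, "sha256").digest()   # integrity of the record
    # --- server side ---
    key = rsa_decrypt(server_priv, wrapped_key, len(session_key))
    if not hmac.compare_digest(tag, hmac.new(key, ciphertext, "sha256").digest()):
        raise ValueError("record tampered")
    return sym_crypt(key, ciphertext)


if __name__ == "__main__":
    ca_pub, ca_priv = rsa_keygen(2**89 - 1, 2**61 - 1)   # CA gets its own key pair
    srv_pub, srv_priv = rsa_keygen()
    cert, cert_sig = issue_cert(ca_priv, "www.example.com", srv_pub)
    print(exchange(ca_pub, cert, cert_sig, srv_priv, b"GET /account HTTP/1.1"))
```

A forged certificate (same public key, different subject) fails `verify_cert`, and a signature over one message does not verify over another, which is exactly the property the signature and certificate cards describe.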